Reputation: 73
Open and write to a new window but forcing it to be cross domain
I need to open a new window and write some user supplied html with possible css and javascript.
I do not want them to have access to any of the cookies or give them access to anything else from the main webpage.
Currently with:
var text = userSuppliedText;
var newWindow = window.open("");
newWindow.newWindow.document.write(text);
newWindow.close();
This makes the new window's domain to be the same as the parent page. Is there a way to avoid this?
Thanks!
Upvotes: 0
Views: 436
Answers (1)
Reputation: 65806
There is no way to dynamically create a new window in a different domain than the page that creates it (and that's a good thing for security purposes).
Since your desire is to open the page in a different domain, your best bet is to create a page in another domain and set up an AJAX request that sends data to it, but of course, CORS will need to be configured for cross-domain access.
Also (FYI), newWindow.write(text); would fail. It would need to be: newWindow.document.write(text);.
Upvotes: 1
Related Questions
- Alternative to window.open that doesn't involve CORS
- Use window.open but block use of window.opener
- How do I get around window.opener cross-domain security
- Opening a new window that needs to make ajax calls to another domain
- window.opener cross domain call using javascript
- Javascript communicating cross-domain to parent window of iframe
- js cross-domain to iframe
- cross domain window opener button click
- window.open cross scripting with same domain?
- cross-domain javascript